Hi,
Would you consider marking CVE-2022-23302 as DISPUTED and/or "Unsupported When
Assigned"?
Rationale:
One could argue (philosophically and practically) that this is *not* a
vulnerability, or if it is, then many, many other programs are similarly
vulnerable. The conditions of an attacker
Severity: high
Description:
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of
untrusted data when the attacker has write access to the Log4j configuration or
if the configuration references an LDAP service the attacker has access to. The
attacker can provide a TopicConne
